Lumia’s Research Team revealed that messages dictated via Siri, including WhatsApp and iMessage are not sent to the Private Cloud Compute. In fact, there is no assurance as to what Apple does with these messages.
Siri transmits metadata about installed and active apps without the user’s ability to control these privacy settings.
Audio playback metadata such as ‘recording names’, is sent without consent. No user control or visibility exists over these background data flows.
Apple uses two distinct privacy policies (Siri vs. Apple Intelligence), meaning similar queries may fall under different data-handling rules.
TL;DR
We reveal AppleStorm, our investigation into how Apple AI’s eco-system quietly transmits messages (WhatsApp, iMessage) sent via Siri to Apple servers, even when it isn’t needed to complete the task. This happens without the user having any control whatsoever over when and what can be sent.Also more data than messages is sent to Siri’s servers. Let’s deep dive.
I don’t think this research adds anything new to the table, tbh.
Yes. I know it because my device is deemed by Apple to be too weak to run Apple Intelligence, and Siri can still do all of that the last time I checked.
Well, it’s very easy for me. My device doesn’t even know that Private Cloud Compute exists. If you have a device that can run Apple Intelligence, the good rule of thumb is if an “Apple Intelligence feature” exists on devices that can’t run Apple Intelligence (like Siri), then the data is probably sent to good old servers.
Also, the “new Siri” doesn’t exist (yet). What we currently have is “Siri with an old coat of paint” and “Siri with a new coat of paint”. In other words, Siri is the same under the hood whether you device is “strong enough” to use Apple Intelligence.
I know this. Everybody should know this… because Apple states so very clearly in its privacy policy.
When you use Siri and Dictation, your device may send other contextual data to Apple, including from third-party apps you allow to integrate with Use with Siri Requests, such as:
Contact names, nicknames, and relationships (for example, “my dad”), if you set them up in your contacts
Form of address, if set in language and region settings
Music and podcasts you enjoy
Names of your and your Family Sharing members’ devices
Names of accessories, homes, scenes, shared home members in the Home app, and Apple TV user profiles
Labels for items, such as people names in Photos, Alarm names, and names of Reminders lists
Names of apps installed on your device and shortcuts you added through Siri
Also, this list is non-exhaustive considering the wording.
I thought this (dictation) was all done on-device?
Obviously if a request performs an action it may pass their search API or whatever.
I did not know this. They repeatedly say how it is all on device and private. Why do they need contact names sent to their server?
(Not that it matters, contacts aren’t even e2ee on iCloud)
No they changed the audio processing to be on device, but there was still data sent in old Siri. I’m hoping when they complete the full transition over to Apple Intelligence it’ll be completely on device/PCC
Yeah this is why I have such an issue with apple using the local/on device/privacy first angle to drive their marketing for apple intelligence. Especially when they plan on adding gpt 5 integration or perplexity as I’ve heard some rumors suggest
When you use Siri, your device will indicate in Siri Settings whether the things you say are processed on your device and not sent to Apple servers. Otherwise, your audio is sent to and processed on Apple servers. Unless you opt in to Improve Siri and Dictation, your audio data is not stored by Apple. In all cases, transcripts of your interactions will be sent to Apple to process your requests and may be stored by Apple.
The reason why it’s so complicated is because… Siri and Dictation exists on Apple Watch, which is weak as hell. My Apple Watch still can’t process my local language, only dictation in English is happened locally. In all cases, the transcripts are sent to Apple, not the audio.
According to Apple, to provide the current context, like who you are talking to, so Siri don’t misunderstand you.
This data is associated with a random, device-generated identifier that is not tied to your Apple Account or email address. It is used by Apple only to determine whether Siri understood your request and to help your iOS device and any connected Apple device, such as your Apple Watch, HomePod, or supported HomeKit accessory, understand you better and recognize what you say.
Of course, you can trust what Apple says or not.
Currently, ChatGPT extension is off by default. In other words, after you turn on Apple Intelligence, you also have to explicitly turn on ChatGPT extension. So I don’t think it’s a problem.
I mean… we are talking about Apple Intelligence. Apple already gate-keeps Apple Intelligence. My iPhone can’t run it.
If your Apple device can run Apple Intelligence, just turn off Siri if you don’t need it. Apple Intelligence’s Privacy Policy is very good compared to Siri.
Have to agree with @khoa here these “findings” are just how Apple’s systems currently work (I do have Siri completely disabled for a reason). If you just read marketing headlines you might not get the full picture always but that’s like kinda to be expected. This is a good PSA and could’ve been a great deep-dive blog post but come on giving it a name like “AppleStorm”? Childish.
I’ve been on the search for a local AI solution that would not connect to the Internet.
Therefore, I was seriously considering buying a new iPad Pro with the intention of using Apple Intelligence as my primary AI tool. I thought that if I buy a powerful iPad the Apple Intelligence wouldn’t need to connect to the Apple servers at all and that it could do all of the necessary processing on my device…
This brings a question to mind for the group. If one was to go out and buy another iPhone today, from an AI privacy standpoint, should they buy an iPhone 15 which can’t run Apple Intelligence or buy the newest model which will (in theory) have the ability to keep more data on device?
Based on the headline, the article was talking about Apple Intelligence. However, it was actually about Siri. This is an important distinction.
Frankly, this whole mess is caused by Apple themselves. It promised to deliver “the new Siri with Apple Intelligence” in iOS 18 but failed. As a result, Siri is actually the same under the hood regardless of whether your device can run Apple Intelligence.
Now, to answer your question:
If you don’t like Apple Intelligence, you can just turn it off. The newer iPhones will ask you whether you want Apple Intelligence when you set it up.
If you are concerned about Siri’s privacy specifically, you can turn on Apple Intelligence and turn off Siri.
So, in the end, it doesn’t matter that much, really.
